For those of you who know me, Henry was my basset hound, and the fictitious name used during (ahem) special research. I'm a former intelligence officer, a professional analyst, and a blogger since 2004 writing about my experiences on the journey --information security, cyber intelligence, education, thoughts. Some love my writing, others hate it. If you like it, follow me!

Saturday, August 10, 2013

Whew. Just back from vacation and could easily have taken another ten days! I hightailed it from Maine to Maryland on Monday, arriving after midnight following long delays on the NJ Turnpike, only to turn around on the train and head for NY on Tuesday for the SINET conference at the Columbia Faculty Club. Robert absolutely knows how to put on a conference!

I arrived a bit late, but sat in every presentation and panel all afternoon. And one thing I found most interesting --a theme -- "I just skate to where the puck is going to be, not where it has been" (Wayne Gretzky) [Note: I originally misquoted this. Thanks Lux! I stand corrected!] seemed to emerge as a theme in the first panel after lunch. Interestingly enough, the panel was four folks from the business development and sales side of the house at four large defense contractors, all vying for the best non-pitch pitch to the government buyers possibly in the room. The thing I found most interesting was this.. when asked "where is the puck going?" we heard standard answers --one stated that he didn't expect to see desktops next year, rather mobiles and pads (really?!). Another talked of more virtualization (genius!). Yet another talked about different things he thought he'd be selling to the government in a year or so. This is exactly what I'd hoped to hear.. out-of-the-box thought from industry leaders! Visionaries!

Is this really where the puck is going?! This is an Infosec conference right?? I hate to think these MAJOR government contractors can't think more than a year or two out. Why do I say this?

Here's what I worry about:

Short term (next two years) - in (my) priority order:

Unsuspecting supply chain companies unknowingly (or knowingly) being whacked. Hell, I'm not sure we've got any safe intellectual property left! If it's connected to the internet, you better start thinking about how you're going to replace it. The tube of toothpaste has likely (high probability) already been squeezed, and it ain't going back.

Data integrity - I worry about this one the most. I think about it almost every day. We've lost confidentiality already. How will we make our data tamper-proof, or at least know when mods weren't made by legitimate users?

Physical losses from data security breaches - Espionage has turned the corner to sabotage and availability. While not completely lost, availability and sabotage are hugely problematic. Ask any company whose computers are destroyed by a breach, or a product that requires constant patching because of lost integrity.

Data integrity again. I used to be a Naval Officer working in Information Warfare (as it was called at the time). Information Warfare was pretty straightforward.. make an adversary lose confidence in his data. When data integrity is lost, and variances can't be measured, every chip, piece of code, and transaction will be suspect. Would you fly on an airplane if you thought the onboard computers were hacked? Would you drive a car? What happens when computer networked machines get bad instructions, or chips have bad code burned in because the production processes were compromised? It's not a pine cone that just bonked you in the head. This stuff is coming.

The infrastructure is lost. Everybody has tools to monitor Windows machines and grab pcap, but what about the routers, call managers, printers, VoIP phones, etc.

Service accounts to these devices, and those baked into domain-crossing horizontals, are some of the hardest to protect.

This stuff is cancerous and systemic. It's what I worry about. Not rocket science, but it's where I believe the puck is going.

How will you know? Great situational awareness. How do you get great situational awareness? You watch the radar, listen to the sonar, read every intel report, and you constantly compare notes with the picket fence set up by the rest of the fleet and joint forces you're connected to. You update your intelligence, and act on the risk.

How does this happen in cyber? You baseline your tools and infosec processes to give you the best chance at detection (and prevention). You train your staff to know what to do when... You subscribe, read, evaluate and act on as much as you can or need to. And you talk frequently to others in Red Sky or Beadwindow!
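One concrete form the "baseline your tools" idea can take for the integrity worry above (knowing when a change on a router, printer or call manager wasn't made by a legitimate user) is a signed configuration baseline. This is an added example, not code from the post or from Red Sky; the device names, config text, signing key and the "approved change" set are all constructed for the demonstration, and it assumes config snapshots are pulled off the devices out of band (e.g. by a collector that holds the key, so a compromised device cannot re-sign its own entry).

```python
import hashlib
import hmac
from typing import Dict, Set

# Constructed demo key. In practice this lives on the collector, never on the
# monitored devices, so a tampered device cannot forge a matching baseline entry.
BASELINE_KEY = b"constructed-demo-key-not-for-production"

# Constructed snapshots standing in for configs pulled from non-Windows gear.
SAMPLE_SNAPSHOTS: Dict[str, bytes] = {
    "router-core1/running-config": b"hostname core1\nip route 10.0.0.0 255.0.0.0 10.0.0.1\n",
    "printer-3f/config": b"snmp-community public\nadmin-password-set yes\n",
    "voip-callmgr/dialplan": b"route 9.. -> trunk-pstn\nroute 4... -> internal\n",
}


def fingerprint(content: bytes) -> str:
    """SHA-256 of one config snapshot."""
    return hashlib.sha256(content).hexdigest()


def sign_entry(name: str, digest: str, key: bytes = BASELINE_KEY) -> str:
    """HMAC over (name, digest) so the baseline itself is tamper-evident."""
    msg = f"{name}\n{digest}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_baseline(snapshots: Dict[str, bytes], key: bytes = BASELINE_KEY) -> Dict[str, dict]:
    """Record a digest plus MAC for every device config we are tracking."""
    baseline = {}
    for name, content in snapshots.items():
        digest = fingerprint(content)
        baseline[name] = {"sha256": digest, "mac": sign_entry(name, digest, key)}
    return baseline


def check_baseline(baseline: Dict[str, dict], snapshots: Dict[str, bytes],
                   approved: Set[str], key: bytes = BASELINE_KEY) -> Dict[str, str]:
    """Compare fresh snapshots with the baseline.

    'approved' is the set of device names with an authorised change on record
    (a change ticket, for instance). Returns name -> one of:
    ok, approved-change, unauthorized-change, baseline-tampered, missing, new.
    """
    results = {}
    for name, entry in baseline.items():
        # First check that nobody edited the baseline record itself.
        expected_mac = sign_entry(name, entry["sha256"], key)
        if not hmac.compare_digest(entry["mac"], expected_mac):
            results[name] = "baseline-tampered"
            continue
        if name not in snapshots:
            results[name] = "missing"
            continue
        current = fingerprint(snapshots[name])
        if current == entry["sha256"]:
            results[name] = "ok"
        elif name in approved:
            results[name] = "approved-change"
        else:
            results[name] = "unauthorized-change"
    # Anything we are now seeing that was never baselined needs a look too.
    for name in snapshots:
        if name not in baseline:
            results[name] = "new"
    return results


if __name__ == "__main__":
    base = build_baseline(SAMPLE_SNAPSHOTS)
    # Simulate a route being added to the core router with no ticket behind it.
    drift = dict(SAMPLE_SNAPSHOTS)
    drift["router-core1/running-config"] += b"ip route 0.0.0.0 0.0.0.0 203.0.113.9\n"
    for device, status in sorted(check_baseline(base, drift, set()).items()):
        print(f"{status:20} {device}")
```

The point of the MAC is the second half of the worry: a plain hash list tells you a config changed, but an attacker who can rewrite the config can usually rewrite the hash list too, so the baseline has to be something the devices themselves cannot forge. Pairing each check against the change-control record is what separates "a legitimate user did this" from "somebody else did".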

BT BT

It was a fairly slow week but productive as heck.

Two Priority Intelligence Reports were posted to the portal --one discussed ATM hacking and another an APT group associated with the ATM hacking. Priority intel reports are what the IC might call IIRs. Red Sky analysts have a list of priority and standing collection/analysis requirements, and when we find new pieces of the puzzle, we publish them to our members.

A fusion report was posted earlier in the week. FR13-21 analyzed a previously reported backdoor, but with intelligence and good tech work by the team, we reported details of the infrastructure and a new version of the TTP in use and their associated indicators.

Beadwindow has reopened. We've realigned the portal for its new mission, and have invited its first member --who's already filled out a profile! Beadwindow will be used to service individuals, small and medium sized business, and government IT workers (2210s).

And finally, in the lab, we're preparing to go into our next healthcare gig --an online pharmacy.

One final note...

It's coming up on Labor Day --the end of summer; four months until year's end. If you've been thinking of joining either Red Sky or Beadwindow, the time is now. In most cases, it takes 3-4 months to get checks paid by your accounts payable, and if you join us today, you'll get 2012 rates for your first year. Don't hesitate. Want to know what we do? This is our 42 second video...Take advantage of the 2013 pricing. Contact us today.